Software Tokens: Not A Problem For RPA
First, let’s highlight two statements that our sales team has been saying about RPA for a while:
1 – “There has not been a software application that we haven’t been able to automate in the last 18 months.” But maybe there are some processes not worth automating?
2 – “Two years ago, processes required six to eight months to automate. Now, they only take weeks!” This is probably not a great sales strategy for us but it’s honest and it’s good news for our clients.
After one year at Greenlight Consulting, those salespeople turned out to be right. A good example of this is how Robotic Process Automation (RPA) deals with RSA SecurID software tokens and two-factor authentication (2FA).
Software Tokens: Explained
Two-factor authentication, often found in financially sensitive applications, adds additional security to your online accounts with the purpose of reducing fraud and hacking attempts. During two-factor authentication, a security token will generate a unique code that has traditionally been a hardware device but is now often software-based, known as software tokens. Verifying this code can be a tedious and repetitive task, so we looked into how we could automate it.
Back in the day, we would mount a camera to face a physical two-factor authentication token and use optical character recognition (OCR) to determine the result from the digital image, captured every 15 seconds.
Then we got more sophisticated. We programmed software bots to message a human who had the software token, hoping that the human would message the bot back in time for the bot to enter the code. If not, it ended up being an odd game of text tag.
Even though these early solutions seemed strange, they delivered significant ROI. The effort was worth it! Now in 2020, the software bots are using the same applications that humans are using: software-based two-factor authentication.
The RPA Project
One of our Financial Services clients contracted us for a 7-week automation project to set up their RPA infrastructure and deliver an automated process. The initial process was a quick-win: to show the capabilities of the RPA platform while interacting with structured text files and a web portal. During our initial analysis, we confirmed our assumptions. The automation candidate was heavily rule-based with low complexity. We were on our way to setting ourselves up for another successful RPA project!
How Two-Factor Authentication Raised Concerns
At the time of the project, our client was in the process of their own digital transformation. They were leveraging emerging technologies to support a variety of initiatives, with security as their top priority. While we were working on the project, it was discovered that two-factor authentication was unexpectedly being enabled on all laptops, resulting in a new security login step for the web portal. The client immediately flagged this additional authentication step as a potential roadblock for the RPA project and indicated that it could be several days before we can perform an analysis on the software.
Overcoming The Roadblock
Software tokens have a graphical interface that a human interacts with. The user is provided with a one-time use code that they can copy and paste into the targeted authentication application. We informed the client that this new security step was in fact not a roadblock and simply another step to be included in the automation. Greenlight Consulting was able to utilize the RPA software bot to mimic the users’ interaction with the new authentication application and successfully login to the web portal. Automating this step allowed the full process to be automated and alleviated the responsibility of requiring a user for any manual entry.
The solution implemented for this client took less than a day to set up and test. Back in the day (circa 2018), the camera that we mounted to face a physical token took over a month. Greenlight has been delivering outside the box thinking in RPA for a long time. Again and again, we continue to deliver quick and innovative solutions for our clients as the technology landscape matures and as more digitization strategies are implemented across businesses. In summary, solutions that were maybe not worth automating a few months ago become surmountable.
Is your business looking to automate repetitive processes? Contact us to discuss your next RPA project!